Ask Slashdot: What To Do About Android Malware? 191
An anonymous reader writes: What's your approach to detecting and dealing with Android malware? I have a fairly new, fairly fancy phone running Android Lollipop, the recently degraded performance of which leads me to believe that it's infected with malware. That, and a friend who noticed a lot of strange activity coming from my phone's IP — sorry, I don't have the logs, but he pointed out that there were pings coming from my phone to a lot of sketchy addresses — which pretty much seals the deal. There have been lots of stories lately about Android malware that remind me of the old saw about weather: everyone talks about it, but no one does anything about it. However, that can't be completely true, and before I reach a phone crisis, I'd like to get some sane, sage advice about diagnosing malware, and disposing of it, or at least mitigating its damage. When it comes to diagnosing, I don't know what software to trust. I've heard positive things from friends (and seen both positive reviews and terrible negative ones, raising even more meta questions about trust) about Malwarebytes, so I installed their mobile version. This dutifully scans my system, and reports no errors and malware. Which doesn't mean there isn't any, though I'd be happy to find out that I'm just being paranoid. The OS is stock (Motorola Nexus 6) and kept up to date. I have only very conventional apps, all downloaded from Google's Play store, and believe it or not I don't visit any dodgy websites on my phone, at least not intentionally. So: what's the most reliable way to get an accurate view of whether I am dealing with malware at all, and hopefully to eradicate it? Good malware hides well, I know, but is there any tool on the side of the righteous that is currently best at rooting it out? If I find a specific form of malware on my phone, how can I remove it?
Google had a chance . . . (Score:3, Insightful)
to start with a completely clean slate and get it right. Instead they re-created the Windows ecosystem. Congratulations.
Re: (Score:2, Insightful)
But it's free and open and full of goodness and stuff!
Curse Apple and their walled garden! I WANT TO BE ABLE TO CHOOSE MY MALWARE FREELY!
Re: (Score:3)
Re:Google had a chance . . . (Score:4, Interesting)
It's worse that Windows. In Windows you can reinstall the base OS (bloatware free) and then install the drivers and you're done.
Android is to the point where they should have a standard-driver-package. Manufactures can release something similar to an apk, with the source (or just .o files, who gives a shit) that can auto-compile for all devices. That what you just go ASOP + these special packages and boom. Standard Android. You can use your manufactures custom install as well, but at least you'd have a choice. Google could add in the EULA that voiding warranties for unlocking bootloaders is out of the rules.
It's not that difficult a fix. You could get manufactures not releasing driver package updates, sure...but at least it would make it easier to do so. Android would benefit from being more like Windows as a general purpose OS at this point.
Re: (Score:2)
Interestingly enough this has been a crapshoot for me every time resulting in missing apps.
Re: (Score:2)
This kind of approach doesn't tend to restore the fact that you were finally on level 42 of Junkfood Smash, either.
Apple has two ecosystems, Mac could work ... (Score:2)
I guess they could have put it in Apple`s Walled Prison right
There are two Apple ecosystems, iOS and Mac OS X, both offer app stores where every app is subject to review. The Mac ecosystem also allows a user to download apps directly from a manufacturer. In other words on the Mac if the supplier is trustworthy you can go direct. If the supplier is an unknown you can go app store so you know its been reviewed. Google could have gone this route and reviewed apps on Google play while still allowing side loading for users who wanted to take the risk or who were dealing w
Google Nexus devices are only way to go Android (Score:3)
At least the Apple works and have a longer span of vendor support. Scoff all you want but I can keep my devices longer as they're both longer lived and longer supported.
The person having the malware problem and asking questions is using a Nexus 6. That's a product from Google and it gets all upgrades. IMHO the Nexus devices are the only way to go with Android, you are sure of getting long term support and upgrades. For Android development I have a Nexus 4, a 2012 device, and it upgrades to the most recent version of Android.
Re: (Score:2)
Do they make flash drives capable of making up for the headless state of USB connection? Seems to me that you would need something almost a computer in order to handle the interchange overhead or whatever it is called in order to transfer the files on and off the phone. At that point, you really don't need the phone or tablet any more.
Re: (Score:2)
Funny you mention this, My 2014 iPhone 6+ runs this year's iOS 9 better than it ever did iOS 8. Same goes with the iPad Air too. We have a 5s and a 5c here and their owners haven't complained any either.
I'd guess you may be right talking about the 4s, but that's 4 years old now and it too runs iOS 9.
Re: (Score:2)
FWIW, my iPhone 5S seems to do just fine on iOS 9, and that's one generation behind yours.
Re: (Score:2)
I only pointed out a counter example to an earlier post. I'm not on a mission to convert Android users or get into a pissing match - the choice of OS in this case is just a matter of personal taste.
It's like arguing over speakers. Specs are good and all that, but the best choice ultimately is what sounds good to the buyer.
Start over (Score:5, Interesting)
Wipe it. Flash a new ROM; don't install any other app stores, don't download sketchy apps.
If you have malware, that's cause you (or someone with access to your phone) installed it. Don't do that.
Re:Start over (Score:5, Insightful)
Wipe it. Flash a new ROM; don't install any other app stores, don't download sketchy apps.
If you have malware, that's cause you (or someone with access to your phone) installed it. Don't do that.
In other words voluntarily lock yourself into a walled garden? But isn't one of the biggest advantages of Android the freedom to install anything you want from any place you want?
Re:Start over (Score:5, Informative)
Unlike iOS Android allows you to side load apps *officially* but in this case all bets are off and you MUST understand what you're doing. With Apple there's no such freedom (unless you root your phone which is unsafe and voids your warranty) at all.
So, Google's walled garden is at your full discretion. If you like the feeling of safety you stay in it. If you want freedom, you can leave it any time you want. Most Android phones even allow you to have root if you're hellbent on having total freedom [to destroy your device].
Re: (Score:2)
Since iOS 8 something-or-other, you've been able to download and install apps from anywhere. No mac, no Xcode, just the iPad and a website.
This is a complete nightmare now, because my kids fill their iPads up will all sorts of dodgy apps. The whole point of buying iPads was to avoid this - we did have an Android device for a while but it was rapidly filled with adware.
Re: (Score:2)
No. with a free developers account you can compile on X-code and run in an emulator. To actually get the app onto your device you will have to pay for their $100/year developer account.
That all of course is not even including the price of actually purchasing a Mac.
Re: (Score:2)
You paid Apple a premium for the iDevice; you can pay Apple a premium for the Mac. Or you could buy a Mac the next time it's time to replace your computer with a new one anyway.
Re:Start over (Score:5, Informative)
The Amazon and F-Droid app stores are fine. Just avoid the less reputable ones until you learn the basics of computer use, like not installing dodgy cracked apps or "free" virus scans etc.
Look, the questioner clearly knows enough to be dangerous to himself but not enough to wield root privileges on his phone. Best thing to do is stick to Play until he understands this stuff. Just because you have the freedom to do something doesn't mean you should assume you can do it competently.
Two Cracked apps (Score:2)
Just avoid the less reputable ones until you learn the basics of computer use, like not installing dodgy cracked apps
I agree: someone new to Android should stick to the reputable repositories, which are Google Play, Amazon, and F-Droid, and avoid any app that seeks administrative permissions unless required by an employer. But if there are two apps for reading Cracked on a reputable store, how do I know which are and aren't dodgy? There's the official app [google.com] but also a third-party app [google.com].
Re: (Score:2)
I agree: someone new to Android should stick to the reputable repositories, which are Google Play, Amazon, and F-Droid
Did this. Still got adware and popups and degraded performance.
Re: (Score:2)
Developers need to eat. Therefore developers do what's profitable. Something the majority does not adopt is unprofitable. The majority prefers adware to paid apps. What's the solution that allows developers to eat?
Re: (Score:2)
Isn't download count the "if everyone was jumping off a bridge" argument? Over a billion people have downloaded the Facebook and Facebook Messenger apps, yet Facebook is still considered intrusive by many Slashdot users.
Re: (Score:3)
So? It's the same with a PC. Yet malware is actually quite easy to avoid.
Walled garden and trust are not the same thing.
Re: Start over (Score:5, Informative)
The difference with a PC is that when a security vulnerability is found on a Dell running Windoes and Microsoft releases a patch, you don't have to wait for Dell and Best Buy to hopefully allow you to update your PC.
When Google releases a patch for Android, you have to hope that you phone manufacturer and your carrier push the patch to you.
Then make a point of buying Nexus (Score:2)
In other words, all Windows PCs are like unlocked Nexus phones: they get updates directly from the operating system publisher.
Re: (Score:2)
You only have to wait until you warranty expires on an Android phone and then of course it makes no difference. You will of course need to reference how well that phone works with non-manufacturer specific android builds. Once you no longer have a warranty to lose, well, you have more to lose by sticking to older unpatched Android builds. Google could of course work to create Android releases and an install system for the most popular Android phones to keep them up to date, once they are out of warranty.
Re: (Score:2)
You're comparing different things. I was comparing Android's permissions to PC's permissions. On a PC I don't have a walled garden and yet it's simple enough to keep my computer malware free.
You're comparing bugs in the OS, and while I agree with you that Android leaves a lot to be desired in the patching process nearly all malware on Android does NOT rely on bugs in the OS. Most Android malware first requires the installation of a compromised package. Which goes back to my original point: If you trust the
Re: Start over (Score:2)
Apple's review process does little to prevent security vulnerabilities. They have a static code analyzer that keeps apps from using non public APIs but that's about it. Security on iOS is a function of the operating system sand boxing apps and a better permission system. I don't have to trust the package.
If a security vulnerability is found in the OS. It can be patched and at least right now, pushed to every iOS device worldwide introduced since 2011.
Re: (Score:2)
Again you're missing my point. It's not OS level security, but dumb user level security.
Most of the malware that has actual effect on users is the result of such users installing explicit programs that have questionable requirements i.e. a crappy angry birds rip-off that for some reason needs permission to send SMSes, read your contact list, etc etc. Shit like that is absolutely rife outside the legitimate app stores. And protecting yourself from it is akin to not installing free programs from www.freesoftw
Re: Start over (Score:2)
The Stage Fright vulnerability didn't involve installing software from shady app stores.
The Android security model is a sad joke. For instance just for an app to be able to lower its volume when a phone call comes in, you have to give it permission to monitor your phone calls and to know the details of the call. You also have to give an app all requested permissions at launch for it to work and you can't turn permissions off for an app after it is installed. When you install a third party keyboard on Andr
Re: (Score:2)
Re: Start over (Score:2)
Sources?
For the highly publicized Stage Fright vulnerability?
For the fact that on Android you have to give apps all of the requested permissions or you can't run it?
For the fact that Android has no built in facility to turn off permissions granularly once you install it?
For the fact that a third party keyboard has full network access and can hypothetically send every keystroke over the Internet?
Re: (Score:2)
No he's right about everything, and yet dead wrong about the actual impact that any of what he said has on actual users.
Re: (Score:2)
The Stage Fright vulnerability didn't involve installing software from shady app stores.
Yes you're right. So with 900million potentially affected devices Android should be rife with malware in ways that should make the Blaster worm blush. right? right? ... *crickets*
Stage-fright has not been exploited in a self-replicating way. In order to do anything with it you need to know the specifics of the device you're targeting AND also hope that it's one of the 4.3% of devices out there that doesn't have a version of Android that includes ASLR.
The effects of the bug didn't turn out to be anywhere nearly as serious as the name implied and it isn't actively exploited in the wild. So ... next example?
The Android security model is a sad joke. For instance just for an app to be able to lower its volume when a phone call comes in, you have to give it permission to monitor your phone calls and to know the details of the call. You also have to give an app all requested permissions at launch for it to work and you can't turn permissions off for an app after it is installed.
No you don't. You need to give it permission if you want to monitor the phone state continuously in the background while on a call instead of relying on the OS to hand back to the app. You also don't need permission to see if another app is attempting to get audio focus, such as the phone ringing. What you're describing is lazy developers taking an approach that they think is right and easy without actually doing research. You only need the READ_PHONE_STATE permission if you have an app that intends to steal audio back in the middle of the call such as say an alarm. There's also a debate at the moment about whether the IMEI should be able to be read out with a different permission as there's more reasons to read an IMEI than for instance to know the current phone number of an ongoing call.
Android permissions are continuously evolving, and that makes a lot of developers lazy.
When you install a third party keyboard on Android, you are basically installing a key logger. With iOS when you install a third party keyboard on iOS, you have to give it explicit permission to access the network.
Which every keyboard app does anyway because they incorporate an online spell checking system including the ability to download multiple languages. What's your point?
Re: (Score:3)
There have been numerous security flaws in the crapware bundled with Dell and other manufacturer's PCs. You have to rely on the manufacturer for updates to it, or disable it. Same goes for Android.
Google does do OS updates for non-Nexus devices. They come via the Play store. It's absolutely untrue that Google can't patch the OS. They can patch it, and what's more the Play store services can detect and remove malware, or put mitigations in for the few security issues they can't patch.
That's why you don't see
Re: Start over (Score:2)
I can uninstall any crapware that is on a Wndows PC - or I can avoid crapware entirely by buying PCs from Dell's or HPs business units.
I can also install the newest version of Windows without waiting for the manufacturer. I was even able to stick a Windows 7 disk in an old unsupported Mac Mini from 2006 and install it.
Yes Google is able to update Google Play Services but there are parts of the low level OS they can't update.
Re: (Score:3)
In other words voluntarily lock yourself into a walled garden? But isn't one of the biggest advantages of Android the freedom to install anything you want from any place you want?
I'm not sure why the significance of voluntarily escapes you.
Re: (Score:3)
In other words voluntarily lock yourself into a walled garden? But isn't one of the biggest advantages of Android the freedom to install anything you want from any place you want?
I'm free to invite anyone into my house I want. Yet, I still lock the doors at night. A voluntary walled garden, every night. Arguably literally. Choosing to be safe is like locking your car doors at the mall. If you lock your car doors when you go shopping, you are a hypocrite. You have the freedom to invite absolutely anyone into your car, so locking it DESTROYs your freedom. Why do you hate freedom?
Re: (Score:2)
Literally.
You keep using that word, I do not think it means what you think it means
Re: (Score:2)
2 :in effect :virtually
http://i.word.com/idictionary/... [word.com]
http://theweek.com/articles/46... [theweek.com]
Words can means more than one thing. Literally is now ALSO = figuratively.
It's over. Multiple dictictionaries say so. Suck it up and deal with it, his usage was 100%, literally correct.
English is dynamic, a living language.
Re: (Score:2)
My dictionary says (emphasis added),
Since some people take sense 2 ["virtually"] to be the opposite of sense 1 ["actually"], it has been frequently criticized as a misuse. Instead, the use is pure hyperbole intended to gain emphasis, but it often appears in contexts where no additional emphasis is necessary.
Translation: You use it like that if you're wanting to be a drama queen waiting to make a point just so you can appear intelligent.
Re: (Score:2)
That does not make this thread's OP incorrect in using it. It does mean, though, that you've essentially dropped to character assassination, simply because you don't like him using it in the recently dictionary validated way.
Now that the usage is officially correct, after being added to many dictionaries over the last few years, people need to just get over it. That means, that when someone uses it, changing:
"I *hate* that, it is incorrect usage"
to
"I *hate* that, it *should* be incorrect usage, so I'll ma
Re: (Score:2)
Sure it is, but when you get malware and other crap ... don't bitch to the rest of the world. Nobody said it would be safe, merely that you are free to do it if you want.
The problem is that even stuff which comes from the official Android stores are barely above what I'd call malware ... they all want access to your contact list,
Re: (Score:3, Informative)
If you have malware, that's cause you (or someone with access to your phone) installed it.
Not necessarily true. There are quite a few passive vectors for injecting malware into older android apps. The numerous stagefright vulnerabilities included.
Re: (Score:2)
Re: (Score:2)
If you have malware, that's cause you (or someone with access to your phone) installed it. Don't do that.
So there exists no browser exploit, no vulnerable apps on the app store, and no other way for your phone to have a problem unless you sideload a "bad" APK? Seems like there are some vulnerabilities you are missing on your list.
Re: (Score:2)
Re: Start over (Score:2)
Easy (Score:1)
I have a Nexus 6. Google have provided useful applicatons that shipped with the device. I don't download anything from the Google Play store. Full stop. I don't need or want anything that did not come with the phone. One reason for going with the Nexus devices is I get a guaranteed update path and a steady stream of patches unlike going with say, Samsung from a carrier. I know friends who go months before getting patches.
Re: Easy (Score:3)
So the only way that you don't get malware and get OS updates (for maybe two years) is by buying the phone from the same company that makes the OS. That sounds like a wall gardened to me
But then you said you don't install any apps. That's more like a walled desert.
Re: (Score:2)
Early iOS's web standard support was anemic (Score:2)
Amusingly, the original iPhone was about standards for web based content.
Yet the web browser in iOS didn't support web access to the accelerometer until iOS 4, <input type="file"> until iOS 6, nor WebGL until iOS 8.
Lollipop on Nexus 7 has multi-second pauses (Score:2)
Yet somehow my Nexus 7 (2012; codename grouper) tablet got much slower when upgrading from KitKat (4.4) to Lollipop (5.0 and 5.1). It gets so bad that the UI has multi-second pauses if the Google Play Store app is downloading or installing an application update in the background. And it's not just an app's UI; it's the system UI including swiping down from the top.
Re: (Score:2)
Yet another problem that can only be fixed with a backup, factory reset, and root.
Jumping to the conclusion (Score:3, Insightful)
"the recently degraded performance of which leads me to believe that it's infected with malware. "
Occam's razor says your degraded performance is much more likely to be due to more mundane reasons like incompetent apps / OS (Google, here's looking at you), than malware.
Re:Jumping to the conclusion (Score:5, Informative)
Yep, the questioner's phone isn't infected by malware. He bought into the paranoid rants about Android malware that are 99% bullshit.
If he only downloaded apps from Play he is safe. Google scan every app for malware. He's done a malware scan too. There is nothing wrong. Any performance issues are likely just because he installed a ton of crapware, much of which is now pinging advertising servers that are marked as "bad" on various hosts file lists but are actually just mundane.
Uninstall some stuff, see if the situation improves. Or wipe back to factory and this time install one app at a time and see if it kills performance. A handy tip is to look at the battery use screen and see which apps are chewing up energy.
Re: (Score:1)
Re: Jumping to the conclusion (Score:1)
It's the future we all dreamed of.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Not even Google Play is safe.
But you have to take into account that there are possible holes that can be utilized when you visit web pages or open messages. Even OTA SMS is a risk.
Re: (Score:2)
Pretty much what I thought as soon as I read TFS.
specifically, Facebook (Score:5, Informative)
In particular, I wonder if the Facebook app is installed. It's pretty nasty. If you're not a Facebook-aholic, just use your browser to access facebook.com. If you ARE on Facebook 30 times per day or more, recognize that it's having a significant negative impact on your phone (and probably your life), then decide what you want to do.
Re: (Score:2)
Or you can just switch off notifications all the stuff you don't care about, and set it to sync rarely. Problem solved.
I have a wakelock analysis program installed and Facebook is never in the top ten.
Look at the Facebook app permissions and terms (Score:2)
Have a good look at all the permissions that the Facebook app has. I know, it'll take quite a long time to read the whole list. Then look at the terms of use. You've solved a small part of the problem. You are of course free to make your own decisions. Thoee decisions are not without costs.
Re: (Score:2)
Re: (Score:2)
Absolutely. I have an older phone and lately it's been getting slower and slower and kills apps more frequently as memory is tighter now. I don't have many apps, and I don't auto update the apps. The only thing on the phone that automatically updates are the Google Play Services and the Google Play apps, which update often and silently. Both are much much bigger than they used to be. It's kind of out of control.
The worse thing about the Android ecosystem is the complete lack of version control. Once an
Comment removed (Score:3)
Re: (Score:1)
If you never installed anything from other than the playstore, I doubt you have malware, despite the
AV companies telling you how important their services are, and how Microsoft and Apple both
say Android malware is extremely prevalent. I don't know a single person who has gotten
Android malware, even once. And I co-run an Android group.
Things to consider (Score:5, Informative)
In case you got a sophisticated piece of malware which installed a rootkit into your bootloader or system partition, a simple factory reset will *not* help, so your *only safe* remedy is to reflash your phone *completely*. Google for "Reflash Nexus 6" or follow this link: http://forum.xda-developers.co... [xda-developers.com]
After that make sure you install apps *only* from Google Play and you have "Allow Unknown Sources" under Security disabled. Make sure that the apps you install have a considerable number of positive reviews and the apps make use of sane permissions.
Make sure you're the only person who uses your smartphone, because other people may do things you'll regret later. If you absolutely need to let someone use your phone, activate a guest account for them and let them run only the apps they need.
Create a decent password for your lock screen (at least six digits) and make sure your phone locks after a period of inactivity.
If you're extremely paranoid, before installing an app, find its offline version, i.e. apk (they are usually easily googeable) and run it through virustotal.com (I usually do that when I install unpopular dubious apps).
Re: (Score:2)
Re: (Score:2)
Who downloads apps from outside the app store? That's practically begging for trouble.
Re:Things to consider (Score:4, Interesting)
To be fair I've more faith in apps from f-droid.org [f-droid.org] than in I do in apps from the Play store. The flashlight and music player apps there don't want access to your contacts list, unique ID, and wifi connections. And their code seems to be more highly vetted than those in the Play store.
Re: (Score:2)
F-Droid also tended to be lacking in high-production-value games the last time I checked.
Re: (Score:3)
It has Robotfindskitten, what else does anyone need?
(ok, ok, there's no Moon Buggy, yet)
Re: (Score:2)
It has Robotfindskitten
So does anything with an NES emulator, since I made a robotfindskitten implementation for NES [nesdev.com]. But a text game with about 2.5K of code that someone could hack up in a night doesn't quite qualify as "high-production-value games".
, what else does anyone need?
I was referring to, say, a first-person shooter or action-adventure game with characters more detailed than smiley faces or stick figures and environments more detailed than just a bunch of featureless boxes.
Tier between text and AAA (Score:2)
Why would you want to waste perfectly good storage, network bandwidth and battery life on a chopped-up, crappy interface, crappy user experience "AAA" game port on a mobile phone instead of using a dedicated mobile gaming device?
Because there's a mid-tier between text (the example of robotfindskitten) and AAA, and not all games in this mid-tier happen to be ported to PlayStation Vita. Some games are from smaller studios that can't afford a simultaneous release across five platforms (Android, iOS, Windows Phone, PlayStation Vita, and Nintendo 3DS). Instead, they use revenue from one platform to fund a port to other platforms, and the platforms of least resistance tend to get the game first. Someone who visits the developer's web sit
Re: (Score:2)
I agree - some apps installed want access to all the stuff on the phone without constraints even when I don't see a reason for it. And there's no way to exclude the access rights and still install the app.
Re: (Score:2)
I would like to see better sand-boxing in Android. Even if an app has a legit reason to access x, y and/or z, the option to divert the access to a "fake" x, y and/or z would be very useful. And each app would have its own sandbox, so the fakes are not shared between apps. The fakes would act like the the real things. For example, fake contacts would contain a few "preloaded" default contacts. It could even allow the app to add a very few contacts to the fake.
Any app that refused to work because it detected
Stop side-loading pirated apps! (Score:1)
Look through the logs (Score:4, Informative)
a friend who noticed a lot of strange activity coming from my phone's IP — sorry, I don't have the logs, but he pointed out that there were pings coming from my phone to a lot of sketchy addresses — which pretty much seals the deal.
Pull out WireShark and see what's getting sent. I consider advertisers to be "sketchy addresses," and I think your friend is probably a noob if he didn't show you what was in the packets.
If you're not interested in doing that, then just factory reset your phone.
Wipe it with stock or CM, then... (Score:3)
...don't install stuff you don't need. Don't pirate apps. Educate yourself via XDA on what is safe, what is not, and what apps are simply performance suckers.
Non-Five Eyes countries (Score:2)
Half the mod authors speak broken english too
But I'm willing to bet that their English is better than your Polish, or German, or whatever language is official in the non-Five Eyes countries where mod authors tend to live.
Trust nothing, not even me (Score:2)
Everything we do on our phones fits into one of two broad categories:
1. Personal and work life. Deeply private, sensitive and importan
simple answer (Score:2, Offtopic)
What's your approach to detecting and dealing with Android malware?
don't use android. this is not said in a sarcastic, troll-baiting, flame-fest-demanding or other meaninglessly fucking stupid way or any other way which is to be misunderstood, either accidentally or deliberately. it is said in a simple factual way. if you use a monoculture OS, supplied in binary form only and, for commercial (profit prioritisation) reasons not properly supported by the manufacturer (no, google is NOT the manufacturer of the world's 3rd party android mobile phones, they are the supplier
Ask your friend (Score:2)
"That, and a friend who noticed a lot of strange activity coming from my phone's IP"
Sound's like your friend is a load more steps ahead than the rest of us, who have none of the information he was working to. He noticed somehow (no detail here), and he know which sites and which he believes are sketchy. Sounds like the best source of help is this friend.
Simple- don't be stupid (Score:2)
>"What's your approach to detecting and dealing with Android malware"
Um, not turning on "allow unknown sources" and then installing a bunch of stolen/sketchy/unknown crap from shady/strange/random/unknown places. It mostly really is that simple. I have never had malware on any of my many Android devices.
What To Do About Android Malware? (Score:2)
Educate people on their freedoms to do dumb things (Score:2)
Stick to the official store or a trusted third party one. It's highly unlikely that you will be infected and if by misfortune you are, there is a chance that the software can be remotely killed and removed before it does any harm.
A few choices... (Score:2)
- Complete, firmware-level wipe (if possible, depends on phone model), re-installation of stock firmware, or...
- Complete, firmware-level wipe (if possible, depends on phone model), installation of custom ROM (which will support some of the phone functionality, depending on ROM), and...
- Avoid anything not from the google app store, and any app requiring high-level permissions, and any app requiring access you don't want it to have, or...
- Get an iPhone (which is not 100% safe, but safer than essentially an
Easy (Score:2)
Install a restraining bolt.
Re: (Score:2)
Does it have to be AVG [slashdot.org]?
btw, I have an older Samsung with no update-path unless I choose to root it. I have essentially blocked the stock browser and have disabled MMS.
Re: (Score:2)
Depositing checks (Score:2)
I don't login to my email, banking, or any other sensitive accounts. I don't pay bills with my phone.
So how do you deposit paper checks?
Occasionally I receive a paper check from a relative who tells me she's too old and set in her ways to consider using the electronic funds transfer button on the bank's website. Some other people may be working for employers that issue paper checks because they are too small to offer payroll direct deposit. Chase Bank has a check deposit app for phones, which operates by photographing the front and back of a check with the phone's rear-facing camera, but none for desktop c
Re: (Score:2)
I have never used paper checks the last 20 years. They are considered obsolete here.
Even at shops you are almost a suspect for fraud if you show up with a check unless you are over 70.
Every employer here do direct deposit to your bank account - it's even simpler for them than to produce a check.
Re: (Score:2)
I have never used paper checks the last 20 years. They are considered obsolete here.
So how do individuals send payments to individuals, especially if the sender doesn't subscribe to a cellular data plan?
Even at shops you are almost a suspect for fraud if you show up with a check unless you are over 70.
Which this relative is. In shops, she pays with her debit card, but she mails checks with birthday cards and the like.
Every employer here do direct deposit to your bank account
So should someone who gets "I'm sorry; our payroll processor declined my request to add direct deposit" update his resume?
Re: (Score:2)
I have never used paper checks the last 20 years. They are considered obsolete here.
So how do individuals send payments to individuals, especially if the sender doesn't subscribe to a cellular data plan?
Direct bank transfers or cash. Sometimes indirect transfers through a payment service.
Even at shops you are almost a suspect for fraud if you show up with a check unless you are over 70.
Which this relative is. In shops, she pays with her debit card, but she mails checks with birthday cards and the like.
Every employer here do direct deposit to your bank account
So should someone who gets "I'm sorry; our payroll processor declined my request to add direct deposit" update his resume?
In the rare case someone don't have a bank account that a direct transfer can be done to then it's a question of cash, but those cases are so rare that checks won't work either because there's nowhere to cash the checks without finding a bank office that can do it, and you need a bank account to cash a check - so back to the fact that it would happen so rarely that it's going to cause problems.
Checks are obsolete here.
Talk of online transfers makes her go redneck (Score:2)
In the rare case someone don't have a bank account that a direct transfer can be done to then it's a question of cash
She has a bank account capable of direct transfer. Though she routinely uses her bank's web site to check her balance, she is unwilling to learn to use its online form for sending a direct transfer: "I'm old and set in my ways, and I ain't usin' no online transfer." She breaks into the redneck dialect that she reserves for when she is frustrated and understands that her appeal to emotion and tradition is invalid. To her, the alternative to a check is not paying at all. So during the cycling off-season, when
Re: (Score:2)
That's right - if you get a personal check it can be a headache to get money from it around here, so private transactions are very rarely done with checks these days since it requires that you have a good bank where you actually can transfer the check to your account - and you often have to pay a fee for it too.
Direct transfers are free of charge.